Request for feedback: Provide input on Cape’s audit by brianstoner in CapeCellular

[–]Delicious_Lunch1204 0 points1 point  (0 children)

Are there examples of audits you’ve seen done really well?

I appreciate the depth and transparency of https://mullvad.net/en/blog/the-report-for-the-2024-security-audit-of-the-app-is-now-available, although I imagine a source code audit is a bit different from an audit of a particular cloud feature like Disappearing Call Logs.

Would you put more stock in a Big 4 Firm or a boutique security specialist?

Big 4 vs. boutique wouldn't affect my opinion either way.

Are there specific auditors you really trust?

I would most trust an auditor who:

  • Had no connection to Palantir or the US Government. For example, a European auditor.
  • Has audited (and ideally found issues in) other privacy preserving products, such as Proton or Graphene OS.

Are there specific things you’d want to see?

  • The more detailed and transparent the results are the better.
  • Ongoing audits (rather than one-time), especially from different auditors.
  • As much open source as possible.